01489: Crash in PageVar function if $FmtPV[$var] yields empty string
Description: Scenario: custom-built form in pmwiki.
If for some reason, $FmtPV[$var]
results in a zero length string rather than an empty literal string ('""'
), php crashes with
Parse error: syntax error, unexpected token "return" in /data/html/pmwiki-2.3.21/pmwiki.php on line 1324
because the code tries to do eval("return ();")
rather than eval("return ('');")
In eg 2.3.18, the line reads
if (@$FmtPV[$var]) return eval("return ({$FmtPV[$var]});");
This "if" statement yields "False" on both an empty string and an unset variable.
In 2.3.21, the same line reads
if (isset($FmtPV[$var])) return eval("return ({$FmtPV[$var]});");
This "if" statement yields "True" even if the variable is empty.
Solution: either revert to the 2.3.18 way, or add a 2nd condition like
if (isset($FmtPV[$var]) && $FmtPV[$var]) return eval("return ({$FmtPV[$var]});");
Many production webservers will not display PHP errors or warnings but just bomb with a 500 error. I know the basic culprit is a badly designed form (user programmer's error). Still, pmwiki should not be tricked into generating syntax errors.
Best, Ben tictactux
Thanks for this report, fixed for 2.3.22. Since
can also be 0 / zero, I have chosen the following. --Petko
$FmtPV
[$var]
if (isset($FmtPV[$var]) && strval($FmtPV[$var])>'') return eval("return ({$FmtPV[$var]});");